Multi-Tenant Support with AWS cognito service

Question

We would like to use Cognito service for our authentication and authorization requirement for SAAS application. Requirement detail:

1. Support multi-tenant support for SAAS application.
2. User can create multiple projects(groups). Group users can have two roles admin and normal user.
3. One admin of a Project can be a Normal user for other Project.
4. User can be created at sign-up OR by Admin. Please confirm either Cognito can be used for the above requirement.

Answer 1

User management is one of those fundamental concepts that must be tackled by every software as a service (SaaS) provider.

The fully managed nature of Amazon Cognito’s user pools represents a compelling model, eliminating the need for SaaS providers to build, manage, and maintain their own identity infrastructure. Offloading this responsibility to AWS can reduce the complexity of your identity footprint and free you up to focus more of your attention on the core capabilities of your SaaS solution.

he way this should be implemented can be found at the following links:

Managing SaaS Identity Through Custom Attributes and Amazon Cognito

Managing SaaS Users with Amazon Cognito

SaaS identity and isolation with Amazon Cognito (Example Guide)

SaaS Storage Strategies

Building fine-grained authorization using Amazon Cognito User Pools groups

You can use groups to create a collection of users in a user pool, which is often done to set the permissions for those users. For example, you can create separate groups for users who are readers, contributors, and editors of your website and app. Refer the following link for your Group Access Management. Adding Groups to a User Pool